zksync-sso 0.0.0-beta.1

package/src/client/clients/session.ts

@@ -0,0 +1,105 @@
+import { type Account, type Address, type Chain, type Client, createClient, encodeAbiParameters, getAddress, type Hash, type Prettify, publicActions, type PublicRpcSchema, type RpcSchema, type Transport, type WalletClientConfig, type WalletRpcSchema } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+
+import { encodeSession } from "../../utils/encoding.js";
+import type { SessionConfig } from "../../utils/session.js";
+import { type ZksyncSsoSessionActions, zksyncSsoSessionActions } from "../decorators/session.js";
+import { type ZksyncSsoWalletActions, zksyncSsoWalletActions } from "../decorators/session_wallet.js";
+import { toSmartAccount } from "../smart-account.js";
+
+export function createZksyncSessionClient<
+  transport extends Transport,
+  chain extends Chain,
+  rpcSchema extends RpcSchema | undefined = undefined,
+>(_parameters: ZksyncSsoSessionClientConfig<transport, chain, rpcSchema>): ZksyncSsoSessionClient<transport, chain, rpcSchema> {
+  type WalletClientParameters = typeof _parameters;
+  const parameters: WalletClientParameters & {
+    key: NonNullable<WalletClientParameters["key"]>;
+    name: NonNullable<WalletClientParameters["name"]>;
+  } = {
+    ..._parameters,
+    address: getAddress(_parameters.address),
+    key: _parameters.key || "wallet",
+    name: _parameters.name || "ZKsync SSO Session Client",
+  };
+
+  const account = toSmartAccount({
+    address: parameters.address,
+    sign: async ({ hash }) => {
+      const sessionKeySigner = privateKeyToAccount(parameters.sessionKey);
+      const hashSignature = await sessionKeySigner.sign({ hash });
+      return encodeAbiParameters(
+        [
+          { type: "bytes" },
+          { type: "address" },
+          { type: "bytes[]" },
+        ],
+        [
+          hashSignature,
+          parameters.contracts.session,
+          [encodeSession(parameters.sessionConfig)], // FIXME: this is assuming there are no other hooks
+        ],
+      );
+    },
+  });
+  const client = createClient<transport, chain, Account, rpcSchema>({
+    ...parameters,
+    account,
+    type: "walletClient",
+  })
+    .extend(() => ({
+      sessionKey: parameters.sessionKey,
+      sessionConfig: parameters.sessionConfig,
+      contracts: parameters.contracts,
+    }))
+    .extend(publicActions)
+    .extend(zksyncSsoWalletActions)
+    .extend(zksyncSsoSessionActions);
+  return client;
+}
+
+export type SessionRequiredContracts = {
+  session: Address; // Session, spend limit, etc.
+};
+type ZksyncSsoSessionData = {
+  sessionKey: Hash;
+  sessionConfig: SessionConfig;
+  contracts: SessionRequiredContracts;
+};
+
+export type ClientWithZksyncSsoSessionData<
+  transport extends Transport = Transport,
+  chain extends Chain = Chain,
+  account extends Account = Account,
+> = Client<transport, chain, account> & ZksyncSsoSessionData;
+
+export type ZksyncSsoSessionClient<
+  transport extends Transport = Transport,
+  chain extends Chain = Chain,
+  rpcSchema extends RpcSchema | undefined = undefined,
+  account extends Account = Account,
+> = Prettify<
+  Client<
+    transport,
+    chain,
+    account,
+    rpcSchema extends RpcSchema
+      ? [...PublicRpcSchema, ...WalletRpcSchema, ...rpcSchema]
+      : [...PublicRpcSchema, ...WalletRpcSchema],
+    ZksyncSsoWalletActions<chain, account> & ZksyncSsoSessionActions
+  > & ZksyncSsoSessionData
+>;
+
+export interface ZksyncSsoSessionClientConfig<
+  transport extends Transport = Transport,
+  chain extends Chain = Chain,
+  rpcSchema extends RpcSchema | undefined = undefined,
+> extends Omit<WalletClientConfig<transport, chain, Account, rpcSchema>, "account"> {
+  chain: NonNullable<chain>;
+  address: Address;
+  sessionKey: Hash;
+  sessionConfig: SessionConfig;
+  contracts: SessionRequiredContracts;
+  key?: string;
+  name?: string;
+}

package/src/client/decorators/index.ts

@@ -0,0 +1,2 @@
+export * from "./session.js";
+export * from "./session_wallet.js";

package/src/client/decorators/passkey.ts

@@ -0,0 +1,22 @@
+import { type Chain, type Transport } from "viem";
+
+import { createSession, type CreateSessionArgs, type CreateSessionReturnType } from "../actions/session.js";
+import type { ClientWithZksyncSsoPasskeyData } from "../clients/passkey.js";
+
+export type ZksyncSsoPasskeyActions = {
+  createSession: (args: Omit<CreateSessionArgs, "contracts">) => Promise<CreateSessionReturnType>;
+};
+
+export function zksyncSsoPasskeyActions<
+  transport extends Transport,
+  chain extends Chain,
+>(client: ClientWithZksyncSsoPasskeyData<transport, chain>): ZksyncSsoPasskeyActions {
+  return {
+    createSession: async (args: Omit<CreateSessionArgs, "contracts">) => {
+      return await createSession(client, {
+        ...args,
+        contracts: client.contracts,
+      });
+    },
+  };
+}

package/src/client/decorators/session.ts

@@ -0,0 +1,17 @@
+import { type Account, type Chain, type Transport } from "viem";
+
+import type { ClientWithZksyncSsoSessionData } from "../clients/session.js";
+
+/* eslint-disable @typescript-eslint/no-empty-object-type */
+export type ZksyncSsoSessionActions = {
+};
+
+export function zksyncSsoSessionActions<
+  transport extends Transport,
+  chain extends Chain,
+  account extends Account,
+  /* eslint-disable @typescript-eslint/no-unused-vars */
+>(client: ClientWithZksyncSsoSessionData<transport, chain, account>): ZksyncSsoSessionActions {
+  return {
+  };
+}

package/src/client/decorators/session_wallet.ts

@@ -0,0 +1,184 @@
+import { /* decodeFunctionData, erc20Abi, getAddress, */ type Account, type Chain, type Transport, type WalletActions } from "viem";
+import { deployContract, getAddresses, getChainId, prepareTransactionRequest, sendRawTransaction, signMessage, signTypedData, writeContract } from "viem/actions";
+import { getGeneralPaymasterInput, sendEip712Transaction, sendTransaction, signTransaction } from "viem/zksync";
+
+import type { ClientWithZksyncSsoSessionData } from "../clients/session.js";
+/* import { getTokenSpendLimit } from '../actions/session.js'; */
+
+export type ZksyncSsoWalletActions<chain extends Chain, account extends Account> = Omit<
+  WalletActions<chain, account>, "addChain" | "getPermissions" | "requestAddresses" | "requestPermissions" | "switchChain" | "watchAsset"
+>;
+
+export function zksyncSsoWalletActions<
+  transport extends Transport,
+  chain extends Chain,
+  account extends Account,
+>(client: ClientWithZksyncSsoSessionData<transport, chain, account>): ZksyncSsoWalletActions<chain, account> {
+  return {
+    deployContract: (args) => deployContract(client, args),
+    getAddresses: () => getAddresses(client),
+    getChainId: () => getChainId(client),
+    prepareTransactionRequest: (args) =>
+      prepareTransactionRequest(client, args),
+    sendRawTransaction: (args) => sendRawTransaction(client, args),
+    sendTransaction: async (args) => {
+      const tx = client.chain.formatters?.transaction?.format(args) || args;
+      /* await verifyTransactionData({
+        value: tx.value,
+        chain: tx.chain || undefined,
+        to: tx.to || undefined,
+        data: tx.data,
+        gas: tx.gas,
+        gasPrice: tx.gasPrice,
+        maxFeePerGas: tx.maxFeePerGas,
+        maxPriorityFeePerGas: tx.maxPriorityFeePerGas,
+      }, client); */
+      if (tx.eip712Meta) {
+        const transaction = {
+          ...tx,
+          account: client.account,
+          paymaster: tx.eip712Meta.paymasterParams.paymaster,
+          // TODO: Find permanent fix as this only works for general paymasters with no input
+          paymasterInput: getGeneralPaymasterInput({ innerInput: "0x" }),
+        };
+        return await sendEip712Transaction(client, transaction);
+      }
+      return await sendTransaction(client, tx);
+    },
+    signMessage: (args) => signMessage(client, args),
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    signTransaction: (args) => signTransaction(client, args as any),
+    signTypedData: (args) => signTypedData(client, args),
+    writeContract: (args) => writeContract(client, args),
+  };
+}
+
+/* export class SpendLimitError extends Error {
+  public tokenAddress: Address;
+  public spendLimit: bigint;
+
+  constructor(message: string, info: { tokenAddress: Address, spendLimit: bigint }) {
+    super(message);
+    this.tokenAddress = info.tokenAddress;
+    this.spendLimit = info.spendLimit;
+  }
+}
+
+const l2BaseTokenAddress = getAddress('0x000000000000000000000000000000000000800a');
+
+const blockedMethods = [
+  "approve", // do not allow token approvals to prevent indirect token transfer
+];
+const isBlockedMethod = (method: string) => {
+  return blockedMethods.includes(method);
+}
+
+const decodeERC20TransactionData = (transactionData: Hash) => {
+  try {
+    const { functionName, args } = decodeFunctionData({
+      abi: erc20Abi,
+      data: transactionData,
+    });
+    return { functionName, args };
+  } catch {
+    return { functionName: undefined, args: [] };
+  }
+}
+
+const getTotalFee = (fee: {
+  gas?: bigint,
+  gasPrice?: bigint,
+  maxFeePerGas?: bigint,
+  maxPriorityFeePerGas?: bigint,
+}): bigint => {
+  if (!fee.gas) return 0n;
+
+  if (fee.gasPrice) {
+    return fee.gas * fee.gasPrice;
+  } else if (fee.maxFeePerGas && fee.maxPriorityFeePerGas) {
+    return fee.gas * (fee.maxFeePerGas + fee.maxPriorityFeePerGas);
+  } else if (fee.maxFeePerGas) {
+    return fee.gas * fee.maxFeePerGas;
+  } else if (fee.maxPriorityFeePerGas) {
+    return fee.gas * fee.maxPriorityFeePerGas;
+  }
+
+  return 0n;
+}
+
+const verifyTransactionData = async (
+  transaction: {
+    value?: bigint;
+    chain?: { id: number | undefined };
+    to?: Address;
+    data?: Hash;
+    gas?: bigint,
+    gasPrice?: bigint,
+    maxFeePerGas?: bigint,
+    maxPriorityFeePerGas?: bigint,
+  },
+  client: ClientWithZksyncSsoSessionData
+) => {
+  const spendLimitCache = new Map<Address, bigint>(); // Prevent multiple calls to getTokenSpendLimit (mostly for ETH)
+  const exceedsSpendLimit = async (tokenAddress: Address, amount: bigint): Promise<boolean> => {
+    if (!spendLimitCache.has(tokenAddress)) {
+      const spendLimit = await getTokenSpendLimit(client, { tokenAddress, sessionKey: client.sessionKey!, contracts: client.contracts });
+      spendLimitCache.set(tokenAddress, spendLimit);
+    }
+
+    const tokenSpendLimit = spendLimitCache.get(tokenAddress)!;
+    if (tokenSpendLimit < amount) {
+      return true;
+    }
+
+    return false;
+  }
+
+  // Verify transaction value
+  const value = transaction.value || 0n;
+  if (await exceedsSpendLimit(getAddress(l2BaseTokenAddress), value)) {
+    throw new SpendLimitError(`Transaction value ${value} exceeds account spend limit`, {
+      tokenAddress: getAddress(l2BaseTokenAddress),
+      spendLimit: spendLimitCache.get(getAddress(l2BaseTokenAddress))!,
+    });
+  }
+
+  // Verify total fee
+  const totalFee = getTotalFee({
+    gas: transaction.gas,
+    gasPrice: transaction.gasPrice,
+    maxFeePerGas: transaction.maxFeePerGas,
+    maxPriorityFeePerGas: transaction.maxPriorityFeePerGas,
+  });
+  if (await exceedsSpendLimit(getAddress(l2BaseTokenAddress), totalFee)) {
+    throw new SpendLimitError(`Total fee ${totalFee} exceeds account spend limit`, {
+      tokenAddress: getAddress(l2BaseTokenAddress),
+      spendLimit: spendLimitCache.get(getAddress(l2BaseTokenAddress))!,
+    });
+  }
+
+  if (!transaction.data || !transaction.to) return;
+
+  // Assuming transaction is an erc20 transaction
+  const { functionName, args } = decodeERC20TransactionData(transaction.data);
+  if (!functionName) return;
+
+  // Verify if method is not blocked
+  if (isBlockedMethod(functionName)) {
+    throw new Error(`Method "${functionName}" is not allowed for this account`);
+  }
+
+  const tokenAddress = getAddress(transaction.to.toLowerCase());
+
+  // Verify transfer amount
+  if (functionName === "transfer") {
+    const [_to, _amount] = args;
+    const amount = _amount ? BigInt(_amount) : 0n;
+    if (await exceedsSpendLimit(tokenAddress, amount)) {
+      throw new SpendLimitError(`Amount ${amount} exceeds account spend limit`, {
+        tokenAddress,
+        spendLimit: spendLimitCache.get(tokenAddress)!,
+      });
+    }
+  }
+} */

package/src/client/index.ts

@@ -0,0 +1,2 @@
+export { deployAccount, fetchAccount } from "./actions/account.js";
+export * from "./clients/session.js";

package/src/client/passkey.ts

@@ -0,0 +1,3 @@
+export * from "./actions/passkey.js";
+export * from "./clients/passkey.js";
+export * from "./decorators/passkey.js";

package/src/client/smart-account.ts

@@ -0,0 +1,68 @@
+import type { Address } from "abitype";
+import { type CustomSource, type Hash, hashMessage, hashTypedData, type Hex, type LocalAccount } from "viem";
+import { toAccount } from "viem/accounts";
+import { serializeTransaction, type ZksyncTransactionSerializableEIP712 } from "viem/zksync";
+
+import { getEip712Domain } from "./utils/getEip712Domain.js";
+
+export type ToSmartAccountParameters = {
+  /** Address of the deployed Account's Contract implementation. */
+  address: Address;
+  /** Function to sign a hash. */
+  sign: (parameters: { hash: Hash }) => Promise<Hex>;
+};
+
+export type ZksyncSmartAccount = LocalAccount<"smartAccountZksync"> & {
+  sign: NonNullable<CustomSource["sign"]>;
+};
+
+type ErrorType<name extends string = "Error"> = Error & { name: name };
+export type ToSmartAccountErrorType = ErrorType;
+
+/**
+ * Creates a [ZKsync Smart Account](https://docs.zksync.io/build/developer-reference/account-abstraction/building-smart-accounts)
+ * from a Contract Address and a custom sign function.
+ */
+export function toSmartAccount(
+  parameters: ToSmartAccountParameters,
+): ZksyncSmartAccount {
+  const { address, sign } = parameters;
+
+  const account = toAccount({
+    address,
+    sign,
+    async signMessage({ message }) {
+      return sign({
+        hash: hashMessage(message),
+      });
+    },
+    async signTransaction(transaction) {
+      const signableTransaction = {
+        ...transaction,
+        from: this.address!,
+        type: "eip712",
+        gas: 100_000_000n, // TODO remove when gas estimation is fixed
+      } as ZksyncTransactionSerializableEIP712;
+
+      const eip712DomainAndMessage = getEip712Domain(signableTransaction);
+      const digest = hashTypedData(eip712DomainAndMessage);
+
+      return serializeTransaction({
+        ...signableTransaction,
+        customSignature: await sign({
+          hash: digest,
+        }),
+      });
+    },
+    async signTypedData(typedData) {
+      return sign({
+        hash: hashTypedData(typedData),
+      });
+    },
+  });
+
+  return {
+    ...account,
+    source: "smartAccountZksync",
+  } as ZksyncSmartAccount;
+}

package/src/client/utils/assertEip712Transaction.ts

@@ -0,0 +1,49 @@
+import { BaseError, type ExactPartial, InvalidAddressError, InvalidChainIdError, isAddress } from "viem";
+import type { ZksyncTransactionSerializable, ZksyncTransactionSerializableEIP712 } from "viem/zksync";
+
+import { isEIP712Transaction } from "./isEip712Transaction.js";
+
+export function assertEip712Transaction(
+  transaction: ExactPartial<ZksyncTransactionSerializable>,
+) {
+  const { chainId, to, from, paymaster, paymasterInput }
+    = transaction as ZksyncTransactionSerializableEIP712;
+
+  if (!isEIP712Transaction(transaction))
+    throw new InvalidEip712TransactionError();
+  if (!chainId || chainId <= 0) throw new InvalidChainIdError({ chainId });
+  if (to && !isAddress(to)) throw new InvalidAddressError({ address: to });
+  if (from && !isAddress(from)) throw new InvalidAddressError({ address: from });
+  if (paymaster && !isAddress(paymaster))
+    throw new InvalidAddressError({ address: paymaster });
+  if (paymaster && !paymasterInput) {
+    throw new BaseError(
+      "`paymasterInput` must be provided when `paymaster` is defined",
+    );
+  }
+  if (!paymaster && paymasterInput) {
+    throw new BaseError(
+      "`paymaster` must be provided when `paymasterInput` is defined",
+    );
+  }
+}
+
+export type InvalidEip712TransactionErrorType =
+  InvalidEip712TransactionError & {
+    name: "InvalidEip712TransactionError";
+  };
+export class InvalidEip712TransactionError extends BaseError {
+  override name = "InvalidEip712TransactionError";
+
+  constructor() {
+    super(
+      [
+        "Transaction is not an EIP712 transaction.",
+        "",
+        "Transaction must:",
+        "  - include `type: \"eip712\"`",
+        "  - include one of the following: `customSignature`, `paymaster`, `paymasterInput`, `gasPerPubdata`, `factoryDeps`",
+      ].join("\n"),
+    );
+  }
+}

package/src/client/utils/getEip712Domain.ts

@@ -0,0 +1,84 @@
+import { toHex } from "viem";
+import { type EIP712DomainFn, hashBytecode, type ZksyncEIP712TransactionSignable, type ZksyncTransactionSerializable, type ZksyncTransactionSerializableEIP712 } from "viem/zksync";
+
+import { assertEip712Transaction } from "./assertEip712Transaction.js";
+
+const gasPerPubdataDefault = 50000n;
+
+/* TODO: This is already available at viem already but not exported (viem also has a mistake in domain name letter casing) */
+export const getEip712Domain: EIP712DomainFn<
+  ZksyncTransactionSerializable,
+  ZksyncEIP712TransactionSignable
+> = (transaction) => {
+  assertEip712Transaction(transaction);
+
+  const message = transactionToMessage(
+    transaction as ZksyncTransactionSerializableEIP712,
+  );
+
+  return {
+    domain: {
+      // cspell:ignore zkSync
+      name: `zkSync`,
+      version: "2",
+      chainId: transaction.chainId,
+    },
+    types: {
+      Transaction: [
+        { name: "txType", type: "uint256" },
+        { name: "from", type: "uint256" },
+        { name: "to", type: "uint256" },
+        { name: "gasLimit", type: "uint256" },
+        { name: "gasPerPubdataByteLimit", type: "uint256" },
+        { name: "maxFeePerGas", type: "uint256" },
+        { name: "maxPriorityFeePerGas", type: "uint256" },
+        { name: "paymaster", type: "uint256" },
+        { name: "nonce", type: "uint256" },
+        { name: "value", type: "uint256" },
+        { name: "data", type: "bytes" },
+        { name: "factoryDeps", type: "bytes32[]" },
+        { name: "paymasterInput", type: "bytes" },
+      ],
+    },
+    primaryType: "Transaction",
+    message: message,
+  };
+};
+
+//////////////////////////////////////////////////////////////////////////////
+// Utilities
+
+function transactionToMessage(
+  transaction: ZksyncTransactionSerializableEIP712,
+): ZksyncEIP712TransactionSignable {
+  const {
+    gas,
+    nonce,
+    to,
+    from,
+    value,
+    maxFeePerGas,
+    maxPriorityFeePerGas,
+    factoryDeps,
+    paymaster,
+    paymasterInput,
+    gasPerPubdata,
+    data,
+  } = transaction;
+
+  return {
+    txType: 113n,
+    from: BigInt(from),
+    to: to ? BigInt(to) : 0n,
+    gasLimit: gas ?? 0n,
+    gasPerPubdataByteLimit: gasPerPubdata ?? gasPerPubdataDefault,
+    maxFeePerGas: maxFeePerGas ?? 0n,
+    maxPriorityFeePerGas: maxPriorityFeePerGas ?? 0n,
+    paymaster: paymaster ? BigInt(paymaster) : 0n,
+    nonce: nonce ? BigInt(nonce) : 0n,
+    value: value ?? 0n,
+    data: data ? data : "0x0",
+    factoryDeps: factoryDeps?.map((dep) => toHex(hashBytecode(dep))) ?? [],
+    paymasterInput: paymasterInput ? paymasterInput : "0x",
+  };
+}

package/src/client/utils/isEip712Transaction.ts

@@ -0,0 +1,18 @@
+import type { ExactPartial } from "viem";
+import type { ZksyncTransactionSerializable } from "viem/zksync";
+
+export function isEIP712Transaction(
+  transaction: ExactPartial<ZksyncTransactionSerializable>,
+) {
+  if (transaction.type === "eip712") return true;
+  if (
+    ("customSignature" in transaction && transaction.customSignature)
+    || ("paymaster" in transaction && transaction.paymaster)
+    || ("paymasterInput" in transaction && transaction.paymasterInput)
+    || ("gasPerPubdata" in transaction
+      && typeof transaction.gasPerPubdata === "bigint")
+      || ("factoryDeps" in transaction && transaction.factoryDeps)
+  )
+    return true;
+  return false;
+}